Mutillidae is a great open source project, maintained by @webpwnized, that you can use to teach yourself web application security and learn how to secure webapps. Check it out.
Here we have another example of a simple SQL injection. In the previous example we bypassed the authentication controls; in this example we dump the User table, which contains every username and password, straight onto the webpage. The page is a simple account search form: we are asked for our username and password in order to view and edit our account details, and again we can supply a simple SQL injection that makes the WHERE clause evaluate to true:

' OR 1=1 --
Because the input is not filtered, the whole User table is dumped into the webpage. This is still a basic example, but it shows that you need to carefully consider the security of any table that users can query: once the table has been dumped, we can log in as any user! (Again we are using Mutillidae to demonstrate this vulnerability.)
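As an added example (not Mutillidae's own code), here is the kind of lookup an account search page runs, written once with string concatenation and once with bound parameters, so you can see why the first returns the whole table and the second returns nothing. The table name, column names and sample rows are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo; not Mutillidae's real accounts table.
# Passwords are stored in clear text here only to mirror the page being dumped.
SAMPLE_USERS = [
    ("admin", "adminpass", "Admin User"),
    ("alice", "alicepass", "Alice"),
    ("bob", "bobpass", "Bob"),
]

# The injection string shown above; the trailing space keeps the comment valid.
PAYLOAD = "' OR 1=1 -- "


def make_db():
    """Build an in-memory SQLite database holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, signature TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username, password):
    """Unfiltered input is spliced into the SQL text, so it is parsed as SQL."""
    sql = ("SELECT username, password, signature FROM accounts "
           "WHERE username = '" + username + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username, password):
    """Bound parameters: the same input is treated as data, never as SQL grammar."""
    sql = ("SELECT username, password, signature FROM accounts "
           "WHERE username = ? AND password = ?")
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run the payload through both versions and a legitimate login through the fixed one."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD, "anything"),  # every row
        "fixed": lookup_parameterized(conn, PAYLOAD, "anything"),    # no rows
        "legit": lookup_parameterized(conn, "alice", "alicepass"),  # one row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```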
